package cn.tedu._08security.controller;

import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api/")
public class ResourceController {
    //测试资源 不需要认证[登录]就可以访问
    @GetMapping("public/hello")
    public String publicResource() {
        return "hello world";
    }
    //测试资源 需要认证[登录]即可访问
    @PostAuthorize("hasAuthority('sys:private:view')")
    @GetMapping("private/hello")
    public String privateResource() {
        return "hello private";
    }
}
